7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548

Analysis

max time kernel
149s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548.exe
Size

184KB
MD5

4b97673fd0b4a269daf8d9241b7b7eb3
SHA1

1430292d0f73fd1dd5be03c8ae40f599053283c1
SHA256

7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548
SHA512

984ae6511ec9c318673ad1ebb3a32ccefd9b810e18849eb16219ca609b6d597a016f1a3248130997114a9459494a3c5ab074feb866ccdfd501672c099b0caaab
SSDEEP

3072:OEJ63ooOTgocZRetK4ZS8slzODvnqnxiuqnK:OEXoo8Re28MzODPqnxiuq

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4988	Unicorn-10499.exe
3328	Unicorn-62798.exe
4648	Unicorn-54993.exe
1868	Unicorn-45284.exe
2620	Unicorn-37670.exe
2260	Unicorn-53452.exe
3196	Unicorn-28847.exe
4480	Unicorn-34184.exe
2344	Unicorn-45045.exe
4240	Unicorn-36798.exe
4244	Unicorn-42928.exe
1844	Unicorn-20370.exe
3372	Unicorn-16286.exe
4976	Unicorn-61957.exe
3068	Unicorn-46747.exe
4788	Unicorn-60416.exe
4372	Unicorn-33774.exe
3820	Unicorn-57079.exe
5100	Unicorn-1193.exe
3660	Unicorn-37666.exe
4832	Unicorn-13716.exe
2244	Unicorn-33582.exe
5080	Unicorn-11215.exe
3788	Unicorn-10950.exe
4140	Unicorn-34328.exe
4636	Unicorn-60971.exe
1012	Unicorn-9169.exe
1436	Unicorn-15299.exe
1820	Unicorn-2861.exe
4860	Unicorn-63766.exe
408	Unicorn-56153.exe
1888	Unicorn-22734.exe
4748	Unicorn-14928.exe
3744	Unicorn-30710.exe
3668	Unicorn-36832.exe
1468	Unicorn-8151.exe
4628	Unicorn-38613.exe
3860	Unicorn-64129.exe
4392	Unicorn-33424.exe
3388	Unicorn-6781.exe
4052	Unicorn-23118.exe
3380	Unicorn-23118.exe
1924	Unicorn-3252.exe
4348	Unicorn-26247.exe
4520	Unicorn-15312.exe
380	Unicorn-46039.exe
1116	Unicorn-63858.exe
2636	Unicorn-2505.exe
1248	Unicorn-33232.exe
1696	Unicorn-10408.exe
1176	Unicorn-29148.exe
3180	Unicorn-52261.exe
4276	Unicorn-35270.exe
2220	Unicorn-27010.exe
2228	Unicorn-6589.exe
4256	Unicorn-62997.exe
3368	Unicorn-12711.exe
4328	Unicorn-27970.exe
2064	Unicorn-38830.exe
1052	Unicorn-58696.exe
3600	Unicorn-48482.exe
2616	Unicorn-15525.exe
2740	Unicorn-27778.exe
4884	Unicorn-7912.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
4008	3068	WerFault.exe	102
12648	12532	WerFault.exe	599
13556	7048	WerFault.exe	303
2032	6952	WerFault.exe	302
3636	18196	WerFault.exe	880
16716	2896	WerFault.exe	1042
15860	8456	Process not Found	393
19240	7060	Process not Found	304

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	10096	Process not Found
Token: SeChangeNotifyPrivilege	10096	Process not Found
Token: 33	10096	Process not Found
Token: SeIncBasePriorityPrivilege	10096	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4524	7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548.exe
4988	Unicorn-10499.exe
3328	Unicorn-62798.exe
4648	Unicorn-54993.exe
1868	Unicorn-45284.exe
2620	Unicorn-37670.exe
2260	Unicorn-53452.exe
3196	Unicorn-28847.exe
4480	Unicorn-34184.exe
2344	Unicorn-45045.exe
4240	Unicorn-36798.exe
4244	Unicorn-42928.exe
3068	Unicorn-46747.exe
1844	Unicorn-20370.exe
4976	Unicorn-61957.exe
3372	Unicorn-16286.exe
4788	Unicorn-60416.exe
4372	Unicorn-33774.exe
3820	Unicorn-57079.exe
5100	Unicorn-1193.exe
3660	Unicorn-37666.exe
4832	Unicorn-13716.exe
2244	Unicorn-33582.exe
5080	Unicorn-11215.exe
3788	Unicorn-10950.exe
1012	Unicorn-9169.exe
4140	Unicorn-34328.exe
4636	Unicorn-60971.exe
1436	Unicorn-15299.exe
1820	Unicorn-2861.exe
4860	Unicorn-63766.exe
408	Unicorn-56153.exe
1888	Unicorn-22734.exe
4748	Unicorn-14928.exe
3744	Unicorn-30710.exe
3668	Unicorn-36832.exe
4628	Unicorn-38613.exe
1468	Unicorn-8151.exe
3860	Unicorn-64129.exe
4392	Unicorn-33424.exe
3388	Unicorn-6781.exe
4052	Unicorn-23118.exe
1924	Unicorn-3252.exe
3380	Unicorn-23118.exe
4348	Unicorn-26247.exe
4520	Unicorn-15312.exe
380	Unicorn-46039.exe
1116	Unicorn-63858.exe
1248	Unicorn-33232.exe
2636	Unicorn-2505.exe
1696	Unicorn-10408.exe
1176	Unicorn-29148.exe
4276	Unicorn-35270.exe
2228	Unicorn-6589.exe
3180	Unicorn-52261.exe
2220	Unicorn-27010.exe
4256	Unicorn-62997.exe
3368	Unicorn-12711.exe
4328	Unicorn-27970.exe
2064	Unicorn-38830.exe
1052	Unicorn-58696.exe
3600	Unicorn-48482.exe
2616	Unicorn-15525.exe
2740	Unicorn-27778.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4524 wrote to memory of 4988	4524	7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548.exe	81
PID 4524 wrote to memory of 4988	4524	7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548.exe	81
PID 4524 wrote to memory of 4988	4524	7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548.exe	81
PID 4988 wrote to memory of 3328	4988	Unicorn-10499.exe	86
PID 4988 wrote to memory of 3328	4988	Unicorn-10499.exe	86
PID 4988 wrote to memory of 3328	4988	Unicorn-10499.exe	86
PID 4524 wrote to memory of 4648	4524	7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548.exe	87
PID 4524 wrote to memory of 4648	4524	7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548.exe	87
PID 4524 wrote to memory of 4648	4524	7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548.exe	87
PID 3328 wrote to memory of 1868	3328	Unicorn-62798.exe	89
PID 3328 wrote to memory of 1868	3328	Unicorn-62798.exe	89
PID 3328 wrote to memory of 1868	3328	Unicorn-62798.exe	89
PID 4988 wrote to memory of 2620	4988	Unicorn-10499.exe	90
PID 4988 wrote to memory of 2620	4988	Unicorn-10499.exe	90
PID 4988 wrote to memory of 2620	4988	Unicorn-10499.exe	90
PID 4648 wrote to memory of 2260	4648	Unicorn-54993.exe	91
PID 4648 wrote to memory of 2260	4648	Unicorn-54993.exe	91
PID 4648 wrote to memory of 2260	4648	Unicorn-54993.exe	91
PID 4524 wrote to memory of 3196	4524	7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548.exe	92
PID 4524 wrote to memory of 3196	4524	7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548.exe	92
PID 4524 wrote to memory of 3196	4524	7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548.exe	92
PID 1868 wrote to memory of 4480	1868	Unicorn-45284.exe	95
PID 1868 wrote to memory of 4480	1868	Unicorn-45284.exe	95
PID 1868 wrote to memory of 4480	1868	Unicorn-45284.exe	95
PID 3328 wrote to memory of 2344	3328	Unicorn-62798.exe	96
PID 3328 wrote to memory of 2344	3328	Unicorn-62798.exe	96
PID 3328 wrote to memory of 2344	3328	Unicorn-62798.exe	96
PID 4988 wrote to memory of 4240	4988	Unicorn-10499.exe	97
PID 4988 wrote to memory of 4240	4988	Unicorn-10499.exe	97
PID 4988 wrote to memory of 4240	4988	Unicorn-10499.exe	97
PID 2620 wrote to memory of 4244	2620	Unicorn-37670.exe	98
PID 2620 wrote to memory of 4244	2620	Unicorn-37670.exe	98
PID 2620 wrote to memory of 4244	2620	Unicorn-37670.exe	98
PID 2260 wrote to memory of 1844	2260	Unicorn-53452.exe	99
PID 2260 wrote to memory of 1844	2260	Unicorn-53452.exe	99
PID 2260 wrote to memory of 1844	2260	Unicorn-53452.exe	99
PID 3196 wrote to memory of 3372	3196	Unicorn-28847.exe	100
PID 3196 wrote to memory of 3372	3196	Unicorn-28847.exe	100
PID 3196 wrote to memory of 3372	3196	Unicorn-28847.exe	100
PID 4524 wrote to memory of 3068	4524	7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548.exe	102
PID 4524 wrote to memory of 3068	4524	7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548.exe	102
PID 4524 wrote to memory of 3068	4524	7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548.exe	102
PID 4648 wrote to memory of 4976	4648	Unicorn-54993.exe	101
PID 4648 wrote to memory of 4976	4648	Unicorn-54993.exe	101
PID 4648 wrote to memory of 4976	4648	Unicorn-54993.exe	101
PID 4480 wrote to memory of 4788	4480	Unicorn-34184.exe	106
PID 4480 wrote to memory of 4788	4480	Unicorn-34184.exe	106
PID 4480 wrote to memory of 4788	4480	Unicorn-34184.exe	106
PID 2344 wrote to memory of 4372	2344	Unicorn-45045.exe	107
PID 2344 wrote to memory of 4372	2344	Unicorn-45045.exe	107
PID 2344 wrote to memory of 4372	2344	Unicorn-45045.exe	107
PID 1868 wrote to memory of 3820	1868	Unicorn-45284.exe	108
PID 1868 wrote to memory of 3820	1868	Unicorn-45284.exe	108
PID 1868 wrote to memory of 3820	1868	Unicorn-45284.exe	108
PID 3328 wrote to memory of 5100	3328	Unicorn-62798.exe	109
PID 3328 wrote to memory of 5100	3328	Unicorn-62798.exe	109
PID 3328 wrote to memory of 5100	3328	Unicorn-62798.exe	109
PID 4244 wrote to memory of 3660	4244	Unicorn-42928.exe	110
PID 4244 wrote to memory of 3660	4244	Unicorn-42928.exe	110
PID 4244 wrote to memory of 3660	4244	Unicorn-42928.exe	110
PID 2620 wrote to memory of 4832	2620	Unicorn-37670.exe	111
PID 2620 wrote to memory of 4832	2620	Unicorn-37670.exe	111
PID 2620 wrote to memory of 4832	2620	Unicorn-37670.exe	111
PID 4240 wrote to memory of 2244	4240	Unicorn-36798.exe	112

C:\Users\Admin\AppData\Local\Temp\7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548.exe
"C:\Users\Admin\AppData\Local\Temp\7d15c229071470263c322e9f740f45ea0539fde1fbe7a87cd550f8dc8f32f548.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10499.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10499.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62798.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45284.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34184.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26792.exe
        9⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        10⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        10⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        10⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
        10⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51921.exe
        10⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8052.exe
        9⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
        9⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18104.exe
        9⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56196.exe
        9⤵
        
        PID:18420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37652.exe
        8⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
        9⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
        9⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25583.exe
        9⤵
        
        PID:17564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
        9⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        8⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
        9⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
        8⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20506.exe
        8⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38830.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20688.exe
        9⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
        10⤵
        
        PID:17672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
        10⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36640.exe
        9⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        9⤵
        
        PID:15560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        9⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        8⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        8⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        8⤵
        
        PID:15428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        7⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58068.exe
        8⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        9⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        8⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        8⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        8⤵
        
        PID:17840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        7⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
        7⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17408.exe
        7⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        9⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        10⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
        10⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        10⤵
        
        PID:15772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
        10⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42414.exe
        10⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
        9⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
        9⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43123.exe
        9⤵
        
        PID:16888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65150.exe
        8⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34950.exe
        9⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59547.exe
        9⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        8⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        8⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        8⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23454.exe
        7⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4591.exe
        8⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47290.exe
        9⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4176.exe
        9⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
        9⤵
        
        PID:17364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        9⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        8⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8453.exe
        8⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
        7⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
        7⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
        7⤵
        
        PID:14756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47828.exe
        7⤵
        
        PID:17792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8509.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        8⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
        9⤵
        
        PID:18336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17186.exe
        9⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        9⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46731.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        8⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
        8⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        8⤵
        
        PID:17012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37216.exe
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
        8⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
        8⤵
        
        PID:16512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        8⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
        7⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        7⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4339.exe
        7⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38971.exe
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10190.exe
        7⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2239.exe
        7⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        7⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
        7⤵
        
        PID:18060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15040.exe
        7⤵
        
        PID:16760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        6⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63259.exe
        7⤵
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
        6⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        6⤵
        
        PID:13532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61838.exe
        6⤵
        
        PID:18032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57079.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30710.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27778.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        8⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        9⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 692
        10⤵
        Program crash
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
        9⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
        9⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        9⤵
        
        PID:18204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
        9⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
        8⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        9⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12256.exe
        9⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
        9⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        8⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        8⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21700.exe
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        8⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        8⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        8⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20225.exe
        7⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
        7⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56310.exe
        7⤵
        
        PID:14664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        6⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
        8⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
        8⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        8⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        7⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        7⤵
        
        PID:15420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
        7⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-625.exe
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
        7⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        7⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        7⤵
        
        PID:15460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
        6⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        6⤵
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34796.exe
        6⤵
        
        PID:15736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40606.exe
        6⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6210.exe
        7⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
        7⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39072.exe
        7⤵
        
        PID:16804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41391.exe
        7⤵
        
        PID:16444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
        7⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18576.exe
        6⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22594.exe
        7⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        7⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        7⤵
        
        PID:17068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        7⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42443.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57400.exe
        6⤵
        
        PID:17328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        6⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
        6⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        5⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6210.exe
        6⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
        7⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
        6⤵
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23220.exe
        6⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
        6⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19748.exe
        6⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        6⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        6⤵
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26175.exe
        6⤵
        
        PID:17580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        6⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36022.exe
        5⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
        5⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
        5⤵
        
        PID:16460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52313.exe
        5⤵
        
        PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45045.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33774.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22734.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15525.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
        8⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20688.exe
        9⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42952.exe
        10⤵
        
        PID:18268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30948.exe
        10⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
        9⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        9⤵
        
        PID:14500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
        9⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37216.exe
        8⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        8⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
        8⤵
        
        PID:14624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        8⤵
        
        PID:18104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17616.exe
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        9⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47932.exe
        8⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33647.exe
        8⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
        7⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        7⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9439.exe
        7⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39660.exe
        7⤵
        
        PID:18296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7912.exe
        6⤵
        Executes dropped EXE
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        8⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61825.exe
        8⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
        8⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        8⤵
        
        PID:18244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        8⤵
        
        PID:18084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22634.exe
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        7⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
        7⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        7⤵
        
        PID:17804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
        6⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20688.exe
        7⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32555.exe
        7⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        7⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5475.exe
        6⤵
        
        PID:15716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14928.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        6⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9469.exe
        7⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9168.exe
        8⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24862.exe
        9⤵
        
        PID:18380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
        9⤵
        
        PID:17584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        8⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        8⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21827.exe
        8⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        7⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        7⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46501.exe
        7⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63.exe
        7⤵
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5943.exe
        7⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22660.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        7⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
        7⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        7⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
        7⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        6⤵
        
        PID:13340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57969.exe
        6⤵
        
        PID:16836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57034.exe
        5⤵
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
        7⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31290.exe
        7⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        7⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        7⤵
        
        PID:17996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        7⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        6⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        7⤵
        
        PID:18360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        7⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35296.exe
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63221.exe
        6⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
        6⤵
        
        PID:18052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27417.exe
        6⤵
        
        PID:17544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
        6⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
        6⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25669.exe
        6⤵
        
        PID:14228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27337.exe
        6⤵
        
        PID:17628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
        6⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
        5⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        5⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13861.exe
        5⤵
        
        PID:14612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12637.exe
        5⤵
        
        PID:18256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45591.exe
        5⤵
        
        PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1193.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8151.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52858.exe
        6⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3029.exe
        8⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
        8⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
        8⤵
        
        PID:16488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        8⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61913.exe
        7⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        7⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15774.exe
        7⤵
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        7⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6667.exe
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14544.exe
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        7⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7027.exe
        7⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2867.exe
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12510.exe
        6⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
        6⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
        5⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6210.exe
        6⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
        6⤵
        
        PID:12728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43156.exe
        6⤵
        
        PID:16868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
        6⤵
        
        PID:18352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31286.exe
        6⤵
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49032.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
        6⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
        6⤵
        
        PID:11920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        6⤵
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        6⤵
        
        PID:16736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16602.exe
        6⤵
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2475.exe
        5⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51171.exe
        5⤵
        
        PID:17312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40606.exe
        5⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        7⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
        7⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22545.exe
        7⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        7⤵
        
        PID:18196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18196 -s 424
        8⤵
        Program crash
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
        7⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        6⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        6⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
        6⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exe
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        6⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
        6⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        6⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7027.exe
        6⤵
        
        PID:436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        5⤵
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
        5⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30565.exe
        5⤵
        
        PID:16768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
        5⤵
        
        PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
      4⤵
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        6⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 720
        7⤵
        Program crash
        
        PID:13556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
        6⤵
        
        PID:9456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        6⤵
        
        PID:15412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21827.exe
        6⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        5⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14634.exe
        6⤵
        
        PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        5⤵
        
        PID:14820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        5⤵
        
        PID:18128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        5⤵
        
        PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57901.exe
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7025.exe
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        5⤵
        
        PID:16556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
        5⤵
        
        PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
      4⤵
      PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45833.exe
      4⤵
      PID:12440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58282.exe
      4⤵
      PID:16624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3962.exe
      4⤵
      PID:3468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37666.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33424.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38660.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6210.exe
        8⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
        8⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8345.exe
        8⤵
        
        PID:16784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        8⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        8⤵
        
        PID:12876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
        8⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
        8⤵
        
        PID:16448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
        7⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12179.exe
        7⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        7⤵
        
        PID:16612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        7⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61773.exe
        6⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        8⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
        8⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        8⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        7⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        8⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42276.exe
        8⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2421.exe
        8⤵
        
        PID:17288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40942.exe
        7⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
        7⤵
        
        PID:17824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54666.exe
        7⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9168.exe
        7⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        7⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        7⤵
        
        PID:15596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55117.exe
        7⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15976.exe
        6⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
        6⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        6⤵
        
        PID:14748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
        6⤵
        
        PID:18272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3252.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
        6⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
        7⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        8⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
        8⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        8⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        7⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
        7⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        7⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        6⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
        6⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        6⤵
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30656.exe
        6⤵
        
        PID:17160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28829.exe
        5⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        7⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
        8⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        8⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
        8⤵
        
        PID:17828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7954.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        7⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        7⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        6⤵
        
        PID:13288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        6⤵
        
        PID:17080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
        6⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21838.exe
        6⤵
        
        PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        5⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        6⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
        6⤵
        
        PID:12048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
        6⤵
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
        5⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
        5⤵
        
        PID:17160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        5⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6210.exe
        6⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        6⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29871.exe
        6⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32311.exe
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60336.exe
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
        6⤵
        
        PID:11856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        6⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54539.exe
        6⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42414.exe
        6⤵
        
        PID:376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62593.exe
        5⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26403.exe
        5⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42234.exe
        5⤵
        
        PID:16068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        5⤵
        
        PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
        5⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
        6⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55500.exe
        7⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61598.exe
        6⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12532 -s 212
        7⤵
        Program crash
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        6⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
        6⤵
        
        PID:17832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39959.exe
        6⤵
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
        6⤵
        
        PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        6⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        6⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42066.exe
        6⤵
        
        PID:16904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16463.exe
        5⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53508.exe
        5⤵
        
        PID:17060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
      4⤵
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        5⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
        6⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
        7⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        6⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        6⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50234.exe
        6⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
        5⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        5⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35941.exe
        5⤵
        
        PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58676.exe
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        5⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        5⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        5⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7027.exe
        5⤵
        
        PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62665.exe
      4⤵
      PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
      4⤵
      PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
      4⤵
      PID:17120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
        6⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
        7⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        8⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
        8⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        8⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
        8⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27703.exe
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3522.exe
        7⤵
        
        PID:15080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
        7⤵
        
        PID:18312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
        7⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        7⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        7⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        7⤵
        
        PID:13876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51274.exe
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39921.exe
        6⤵
        
        PID:12916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55070.exe
        6⤵
        
        PID:16420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43618.exe
        6⤵
        
        PID:17296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
        5⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62131.exe
        6⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
        7⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7684.exe
        7⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        7⤵
        
        PID:16092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
        7⤵
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63910.exe
        6⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
        6⤵
        
        PID:12864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        6⤵
        
        PID:17300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9233.exe
        6⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
        6⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
        6⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        6⤵
        
        PID:16484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        6⤵
        
        PID:18368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28785.exe
        6⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        5⤵
        
        PID:9528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
        5⤵
        
        PID:13568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19833.exe
        5⤵
        
        PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15312.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        5⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
        7⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        7⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        7⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64861.exe
        7⤵
        
        PID:17736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
        6⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
        7⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19535.exe
        6⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        6⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        6⤵
        
        PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        6⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
        6⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        6⤵
        
        PID:16372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16463.exe
        5⤵
        
        PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        5⤵
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        5⤵
        
        PID:17292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
        5⤵
        
        PID:18336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30701.exe
        5⤵
        
        PID:7276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2187.exe
      4⤵
      PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13745.exe
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33694.exe
        6⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        6⤵
        
        PID:13744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
        5⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        5⤵
        
        PID:11824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1898.exe
        5⤵
        
        PID:16036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44783.exe
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
        5⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
        5⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
        5⤵
        
        PID:17348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        5⤵
        
        PID:18028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
      4⤵
      PID:9928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13350.exe
      4⤵
      PID:12712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9497.exe
      4⤵
      PID:16776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
        5⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        7⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
        7⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59432.exe
        7⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
        7⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
        6⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        6⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        6⤵
        
        PID:16864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52017.exe
        6⤵
        
        PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
        5⤵
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
        5⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45925.exe
        5⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20041.exe
        5⤵
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe
        5⤵
        
        PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
      4⤵
      PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13745.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        6⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
        6⤵
        
        PID:12032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        6⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        6⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7027.exe
        6⤵
        
        PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        5⤵
        
        PID:13296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        5⤵
        
        PID:17036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
        5⤵
        
        PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30749.exe
      4⤵
      PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5314.exe
        5⤵
        
        PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
      4⤵
      PID:9896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
      4⤵
      PID:13260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
      4⤵
      PID:16796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
      4⤵
      PID:10336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47212.exe
      4⤵
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60569.exe
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        6⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32458.exe
        6⤵
        
        PID:16688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58332.exe
        6⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41884.exe
        6⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        5⤵
        
        PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
        5⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        5⤵
        
        PID:17976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        5⤵
        
        PID:7424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60336.exe
        5⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38214.exe
        6⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37092.exe
        6⤵
        
        PID:17980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16693.exe
        6⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        5⤵
        
        PID:15468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
        5⤵
        
        PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
      4⤵
      PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29885.exe
      4⤵
      PID:12604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57969.exe
      4⤵
      PID:16748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64725.exe
    3⤵
    PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        5⤵
        
        PID:12536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
      4⤵
      PID:9920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32685.exe
      4⤵
      PID:13196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17632.exe
      4⤵
      PID:16896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
      4⤵
      PID:1756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
    3⤵
    PID:6240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
      4⤵
      PID:8392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
      4⤵
      PID:11928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
      4⤵
      PID:15504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
      4⤵
      PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
      4⤵
      PID:7120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
    3⤵
    PID:8492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
    3⤵
    PID:13152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
    3⤵
    PID:17108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        7⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
        8⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6131.exe
        8⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
        8⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30923.exe
        8⤵
        
        PID:17716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
        8⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47741.exe
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47290.exe
        8⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22842.exe
        8⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
        8⤵
        
        PID:17372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        7⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14046.exe
        7⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        7⤵
        
        PID:16616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53989.exe
        6⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13745.exe
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        8⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
        8⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
        8⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        8⤵
        
        PID:18360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16028.exe
        8⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
        8⤵
        
        PID:17924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
        7⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
        7⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23933.exe
        7⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exe
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
        7⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14605.exe
        6⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57570.exe
        7⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
        7⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44030.exe
        7⤵
        
        PID:17608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
        7⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        6⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        6⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7398.exe
        6⤵
        
        PID:16984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46039.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        6⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8721.exe
        8⤵
        
        PID:18356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
        7⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        7⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48125.exe
        6⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        7⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        7⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        7⤵
        
        PID:15436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55358.exe
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55070.exe
        6⤵
        
        PID:16432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
        6⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52112.exe
        6⤵
        
        PID:16748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        5⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
        6⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22594.exe
        7⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46771.exe
        7⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        7⤵
        
        PID:17088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44763.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
        7⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        6⤵
        
        PID:13140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-528.exe
        6⤵
        
        PID:16408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50071.exe
        6⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        6⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37575.exe
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        6⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59547.exe
        6⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34841.exe
        6⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        6⤵
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24327.exe
        5⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
        5⤵
        
        PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        5⤵
        
        PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6589.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63932.exe
        6⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        7⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        8⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
        8⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        8⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        7⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        7⤵
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        7⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        7⤵
        
        PID:16444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17974.exe
        6⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe
        7⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
        7⤵
        
        PID:1172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8269.exe
        6⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18759.exe
        6⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        6⤵
        
        PID:18224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        6⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
        6⤵
        
        PID:14844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        6⤵
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15616.exe
        6⤵
        
        PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62820.exe
        5⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        6⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        5⤵
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54556.exe
        5⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
        5⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17088.exe
        5⤵
        
        PID:17396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25526.exe
        7⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
        7⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        7⤵
        
        PID:15612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8182.exe
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        6⤵
        
        PID:11904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1898.exe
        6⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
        6⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52095.exe
        5⤵
        
        PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        5⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46318.exe
        5⤵
        
        PID:16156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57445.exe
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20688.exe
        5⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
        5⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        5⤵
        
        PID:15452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        5⤵
        
        PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25785.exe
      4⤵
      PID:8088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4284.exe
      4⤵
      PID:11048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60924.exe
      4⤵
      PID:14708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43363.exe
      4⤵
      PID:18408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15299.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29148.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
        6⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
        8⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2204.exe
        8⤵
        
        PID:14248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
        8⤵
        
        PID:17652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        7⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
        7⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        7⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17974.exe
        6⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2239.exe
        6⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8453.exe
        6⤵
        
        PID:14988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        6⤵
        
        PID:18140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41928.exe
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        6⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47435.exe
        6⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36168.exe
        6⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        6⤵
        
        PID:18180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        6⤵
        
        PID:656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
        5⤵
        
        PID:7180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        6⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
        5⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        5⤵
        
        PID:13716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        5⤵
        
        PID:17592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52261.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18816.exe
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20688.exe
        6⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32555.exe
        6⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        6⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        5⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14919.exe
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28420.exe
        5⤵
        
        PID:16700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
      4⤵
      PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55178.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39448.exe
        6⤵
        
        PID:17836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41198.exe
        6⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        5⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
        5⤵
        
        PID:15996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19484.exe
      4⤵
      PID:7624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32495.exe
      4⤵
      PID:10648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38020.exe
      4⤵
      PID:14444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17831.exe
      4⤵
      PID:17940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2505.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55162.exe
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33694.exe
        7⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        7⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        7⤵
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
        7⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61659.exe
        6⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
        6⤵
        
        PID:12464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        6⤵
        
        PID:16076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
        5⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34719.exe
        5⤵
        
        PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61877.exe
        5⤵
        
        PID:13864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
        5⤵
        
        PID:17384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44770.exe
        5⤵
        
        PID:216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        5⤵
        
        PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
      4⤵
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        6⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        6⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        6⤵
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        5⤵
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        5⤵
        
        PID:12064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        5⤵
        
        PID:17052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
      4⤵
      PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3636.exe
      4⤵
      PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16647.exe
      4⤵
      PID:14164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6220.exe
      4⤵
      PID:17684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
      4⤵
      PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51697.exe
      4⤵
      PID:7384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12567.exe
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        6⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        6⤵
        
        PID:11596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        6⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        6⤵
        
        PID:468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        5⤵
        
        PID:13304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        5⤵
        
        PID:17096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58431.exe
      4⤵
      PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
      4⤵
      PID:10680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
      4⤵
      PID:14344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
      4⤵
      PID:3984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
    3⤵
    PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20688.exe
      4⤵
      PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
      4⤵
      PID:10920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
      4⤵
      PID:15744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9250.exe
    3⤵
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53231.exe
      4⤵
      PID:1364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25434.exe
    3⤵
    PID:11000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39393.exe
    3⤵
    PID:14704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
    3⤵
    PID:18084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
    3⤵
    PID:4576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        5⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
        6⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21820.exe
        7⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47575.exe
        6⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33943.exe
        6⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        6⤵
        
        PID:17600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
        6⤵
        
        PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        6⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
        6⤵
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        6⤵
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
        5⤵
        
        PID:13408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57969.exe
        5⤵
        
        PID:16932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
        5⤵
        
        PID:16736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50812.exe
      4⤵
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        6⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54041.exe
        6⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17118.exe
        6⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        6⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32333.exe
        6⤵
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61913.exe
        5⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45666.exe
        6⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
        6⤵
        
        PID:16692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8412.exe
        6⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe
        5⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36351.exe
        5⤵
        
        PID:18400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        5⤵
        
        PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46880.exe
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
        5⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
        5⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28448.exe
        5⤵
        
        PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
      4⤵
      PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
      4⤵
      PID:13232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19611.exe
      4⤵
      PID:16604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
      4⤵
      PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60971.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5987.exe
        5⤵
        
        PID:212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
        7⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        7⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
        7⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        6⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
        6⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        6⤵
        
        PID:17044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        6⤵
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
        6⤵
        
        PID:17580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19700.exe
        6⤵
        
        PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
        5⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34145.exe
        5⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        5⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-297.exe
        5⤵
        
        PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59827.exe
      4⤵
      PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
        5⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        6⤵
        
        PID:16760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16053.exe
        5⤵
        
        PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
        5⤵
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
        5⤵
        
        PID:18188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
      4⤵
      PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
        5⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33942.exe
        5⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        5⤵
        
        PID:16084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52479.exe
      4⤵
      PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24649.exe
      4⤵
      PID:12784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
      4⤵
      PID:16956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
      4⤵
      PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18565.exe
      4⤵
      PID:3988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35270.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28904.exe
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19060.exe
        6⤵
        
        PID:10396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20101.exe
        6⤵
        
        PID:18428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41212.exe
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
        5⤵
        
        PID:13668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        5⤵
        
        PID:16692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2055.exe
        5⤵
        
        PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13890.exe
      4⤵
      PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
      4⤵
      PID:10048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
      4⤵
      PID:14300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8557.exe
      4⤵
      PID:17744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
      4⤵
      PID:364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
      4⤵
      PID:6324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
    3⤵
    PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
      4⤵
      PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12598.exe
        5⤵
        
        PID:11588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        5⤵
        
        PID:15752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
      4⤵
      PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
      4⤵
      PID:12480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
      4⤵
      PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63862.exe
      4⤵
      PID:2896
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 72
        5⤵
        Program crash
        
        PID:16716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18603.exe
    3⤵
    PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29525.exe
      4⤵
      PID:17584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe
      4⤵
      PID:7052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
    3⤵
    PID:10584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
    3⤵
    PID:14412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61838.exe
    3⤵
    PID:18040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
    3⤵
    PID:6112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46747.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46747.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3068
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 488
    3⤵
    - Program crash
    PID:4008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63932.exe
      4⤵
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38240.exe
        6⤵
        
        PID:13104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
        6⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        6⤵
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39458.exe
        5⤵
        
        PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        5⤵
        
        PID:13856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        5⤵
        
        PID:16552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        5⤵
        
        PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
      4⤵
      PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9423.exe
        5⤵
        
        PID:10304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13652.exe
        5⤵
        
        PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
      4⤵
      PID:11132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15774.exe
      4⤵
      PID:14764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
      4⤵
      PID:18156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13837.exe
    3⤵
    PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
      4⤵
      PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24195.exe
      4⤵
      PID:11404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
      4⤵
      PID:14724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
    3⤵
    PID:8500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
    3⤵
    PID:11772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5475.exe
    3⤵
    PID:14280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
    3⤵
    PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30518.exe
        5⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59547.exe
        5⤵
        
        PID:15372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
      4⤵
      PID:10084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
      4⤵
      PID:14860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
      4⤵
      PID:17816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
      4⤵
      PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28979.exe
      4⤵
      PID:3752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
    3⤵
    PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30518.exe
      4⤵
      PID:10784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
      4⤵
      PID:15580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
    3⤵
    PID:11160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
    3⤵
    PID:14804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64364.exe
    3⤵
    PID:18316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10415.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10415.exe
  2⤵
  PID:5392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
    3⤵
    PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
      4⤵
      PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3368.exe
      4⤵
      PID:7152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
    3⤵
    PID:10156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
    3⤵
    PID:13540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
    3⤵
    PID:3768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28979.exe
    3⤵
    PID:4668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7909.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7909.exe
  2⤵
  PID:5760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12574.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12574.exe
  2⤵
  PID:10488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11808.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11808.exe
  2⤵
  PID:14024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
  2⤵
  PID:18008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3068 -ip 3068
1⤵
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 12532 -ip 12532
1⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 7048 -ip 7048
1⤵
PID:14184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6952 -ip 6952
1⤵
PID:18152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10499.exe

Filesize
184KB

MD5
bfcb3f1ec19c5c17e5cba171deecbcb1

SHA1
f1a8cdbeeaa6353ec18c31bc67f765289fe84e46

SHA256
27560b4a562e864f84d66531156bd469cfa8081f0a6fdde4ce7fc814f44b32e9

SHA512
b16521206d98b6090987da91b48b7dcf20d3e447ae145b7e4e4713668b46e8d648dbc2629fd64bbedc9740a78f6fe33f2fb14aff0e797be16cae0657a1389054

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe

Filesize
184KB

MD5
c784b879d3776c249b9be4e6541fb56b

SHA1
e17b0efd526012faeb95cc15936217264cd512e5

SHA256
b338f487d65c5de469d42990ceb86f493f6c75129e67a03ac5bfabcaa7787fe5

SHA512
4df0d8f9f9c0919ef1600d2223a79807e5cb5f3d6d629f2e6378fe81377686fa2be34cb790b704b1456f9722d35a000600b0a31229571e623a6941cb60e9af2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe

Filesize
184KB

MD5
dd1865b75cd04921ab21d45656128580

SHA1
7a07c2de8d52712dfecb8de3d09972cb9c4ff3f8

SHA256
52d6e7cb4d7c10e91c31e5031a02a69dd1e196c4c818e9b463bc9238fb9b6bc3

SHA512
f228a1bad1e17214c813818b9f811cd30b04c97c91c644a9afb2b802ea196b224c58cabd59ccb79a49400e0122682dd29c3fce80d6323e8709d4c8aab76ad1ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1193.exe

Filesize
184KB

MD5
3ce109565c5a5e8c17834573c5196f4e

SHA1
8ecdcdbd48449908a1e06e4562f291790d0cdaa5

SHA256
64c7ad3c426bc9f3e3516f2534f44e0f92f6dc38ef9062a4b8ef4a06ba6000e9

SHA512
0b07a3116ea48fdcf91d5cd26409416258633eab58e58d2463eb5c10e5c7b4dfffec96c7c77551829717cec288dd92289e10ad11e47a89b72cc0db20ec62c8d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe

Filesize
184KB

MD5
4153706493655eaccb47a09643d30da7

SHA1
00be1745a5236e90a2a0181205e7505685a7ce72

SHA256
2db79b7d3a347737d142426d29d1ab51a53d05af2c11ffde148c58d8caecdbfa

SHA512
c3d71b2c51e0acb9d8c2baa479d039fdca220ada9dc152a1a6df5da16254c5269f99f73d0fd4759a8fc0d86b011dab5dec3943c9cde1eae2f056437af640b974

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15299.exe

Filesize
184KB

MD5
0803579e3275128cb890babf6d2e6be9

SHA1
bf4c6e2447249718bb5b1612de9d4afe129ca705

SHA256
c54c5bf816f061389c030127d3aa2fe270ac06dd7d37e7056142f3dbc447c511

SHA512
f2895c4ad0b9e80e540c86332fde318c1191fd9bffd7509320710ba3c45a947a3cabe5e2b38f7472e589ae5724ddb3d443b7e55c530f73969f611bd05a29f56c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe

Filesize
184KB

MD5
8988b99c3fe8e801cb4739d02d2509f7

SHA1
3dcbac51be3cf895a9be1a309fd9454c427058a5

SHA256
a788fd557863847f8ca0c35d947eb61cc8934e16ef735874944181897fa38efd

SHA512
b349137d3149f89f62d61942403b52bd1cf0b0e058b90273f6a0c6146c082d00aa33dce0be8a9f9e142bae10b8eebeeefdaaff29799ef697952d4bd885944b9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe

Filesize
184KB

MD5
db155365f32b86be42814754ae015ebf

SHA1
89be5387cee4d1864e39ebecef4608fdd9e9f6cc

SHA256
12d9705cdfb4f4ef4f01254700553fdbb9256a03630c834f08606676bbc94bc2

SHA512
c2b3e3f1c5af85a682ecc3c543cfd77f0024c80edde1d39a1bc9b1bde74f14a7a35e3df42a03f32e60cb0c521f2bc05914038347131cebf1c018767068b1478a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22734.exe

Filesize
184KB

MD5
13ea98e116d50ce310f919da2290e0a0

SHA1
983b76028cabdc4d478e70aa074cb40de43403b1

SHA256
cccf6f32813940ef575c77c45af767b886f48953005e3d88d76d033d9d184d58

SHA512
9e83c0dad4fc5c1a113198f1d6edc5de43b4619c80c606f912b99a31adade99758e44d0d05327ad83dd1ab5b941b501090b91cf4bff18fb17259df97cd396510

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe

Filesize
184KB

MD5
bd14a3f05feff7b4e8bfcd2e19b78e8e

SHA1
097475fb7e20d48624e81c4c29de7bc0dde73994

SHA256
81d96b03dee6b11056d4aa79f5ab648fa48e27642c87aff25bfa971939f82954

SHA512
2468b17f4436907a14e3e3b9add09368d3693121b0005d7f53898e88ca3114661117adb6513fc554016a1fa598fbd5484e5c57229b0ffaa7ac5b17eb607a26d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe

Filesize
184KB

MD5
7ddbe2ffa81958785f88214041eb68c4

SHA1
4bcfc9484e21261ad74744ef585fb57649463403

SHA256
06ac482b53049ffb886ef9cbbf839ed85d2e0a4215ef3cb0ff8c507b6098ade5

SHA512
74218a404cdcd1f9f1279513c30af39eb4f1b1f3f89ee2590f62727b788a301d2d0f29da33db6f08f3a35ce3f3a6db637bbbd12c1960f98b786b4a40556e8f65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe

Filesize
184KB

MD5
995ba261920c6670f48b554f0cb93838

SHA1
06c32db1fce6d90ece1f1c88fbd905b7b62eda3a

SHA256
466c2a93950afe2945ab5809210c1718f7abc5868fd2ec5ef5013d77058e2e15

SHA512
c6f8ebfb4de613e8d505f0d6fedf093338af02cd7584033741d8777dfaad999dec990cfc5bed8692c160623ac607de78622e5f89cb53fd1f470e1bce432881ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33774.exe

Filesize
184KB

MD5
d81b4363ebd72e29cf1f6a3a57b2d01c

SHA1
6ab330e34b2cdee375c750e5aeac3c82597a4983

SHA256
b10dd7d36bd7b4bc8d5ba6c8df10b53a954b165fb505e7b8e91502395ba516a6

SHA512
5cb6aae926deed715a966c969e4f31f245db6b45d82c87ea9918e3c77833004ae9aab9e48b24e0a86d8ac2b77426be7512806529522c7b75eb5e57095fdb3d15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34184.exe

Filesize
184KB

MD5
c30eec8fb5aa01f2a630be72fc6b5cfe

SHA1
19b5871299364c7060cdd7bae38288d857078588

SHA256
8cfe1485038a4c6e1c65337f4b3d9594acd539a7eb1a9b9f0c91936b836fc467

SHA512
8bbe7fefef9f772961b89903dbc11575ee18374be486fae4726dab33eef329f3762047fb942b2174de4ad07ed6d22b9bf01eaed21f48198e1f8d2ba2d9788135

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe

Filesize
184KB

MD5
cd61661539fa16169eea2a58755953b3

SHA1
28cdb8b4a8eae8b5eef4802d9bf56eadb0113ce3

SHA256
c8673242cbcf3807dc49cffc0ba2789f5abe4346fa20131caaa31d2ed81b161f

SHA512
18676b25c68f09669e863be0abfeaafab951c04c8c44043e25b096acbe29f56b8197a145ea1184051ecff2104d32ead74adb8e23a370586358179259846acded

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe

Filesize
184KB

MD5
4bdd8d7a60bacdc5114d41e0657f783f

SHA1
98f3d2c26d946194561fb0339473e6e22813f779

SHA256
50632acfed4484decff3c28a1442c3438905bc1137bdaf9946a31495cdef1fbc

SHA512
667116582a618f5cb8f38a469574dc564fbe5215326ec98afd53f7daaa9a98041af04126530aebe96ad334872bcd7beb4d38bca41b2fd8431b6be412763cc46f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37666.exe

Filesize
184KB

MD5
8b49fccbbd32b80cc9f83f977fb9bf5b

SHA1
d834c99d7fa6e248178f9308d1ab0af0122ebd39

SHA256
1680545364d00f1f2de404f21ce037693cd8b628b3aeab75d0b2624b361059dc

SHA512
dda0341d2ff6c25daf1ac6c21364a29e1c7b0d624a8ae1d4795cc8dfb63ca635fc76340a86356b9023c25f1875c244f8e7933f2783f972bc6f2e95ba7ad24716

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe

Filesize
184KB

MD5
1655574bf875f9674ae39d365fd65fdc

SHA1
5f0733ea1b0e78f0611463c7750d29c75ad22034

SHA256
1cfbb22bd9ccc2a987ead9e3c854f9bbd45ad31f9c5173ed04f6246cdef70e83

SHA512
91cad204685767aaf73615741d261c2e9c6b651c8152820db9b63fea40395a54167cc88d5aa87d4172579008baf21903fe09c7436968b657558b6816401b1947

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe

Filesize
184KB

MD5
e0e33cf71edabb50c09949763740da2a

SHA1
236bad7d9a970a5d924e355e860d609ec8bb744d

SHA256
e54a231b39b0558aecb79460ce3f342a0a175e552d06f9526f38ad2f0184b777

SHA512
8c242692bae815ff9b1ab10a0c56485aac564178fb1b5e3f1c2506fdc3cd2888b0e6e2daa7105f6f56c0cfd96ccae2617d1f4c08e621da80777a468dfc20f3a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45045.exe

Filesize
184KB

MD5
09f866ce9ed0289a238db4191b36f90e

SHA1
a8e04000e7f7600fccb983aff776e8e4e2c32d20

SHA256
7f87d6d1720d01734d646fa69f320b45b27a852045e52353c8a22cc2ebf88c25

SHA512
b46a3ed42123b955f87efeab5407394816a77fafcc239ff071e8f148c62eae16e91a135ee5c80ab5fc8ef4bf2e3fd2e5c2a8c13cc0df02ddcf9d5e4ed1ed6532

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45284.exe

Filesize
184KB

MD5
4d933082095c5a7b8e4694e9f1e13871

SHA1
b870766380349a9676c66f0e0abe584b5f172e57

SHA256
f3f2fdd34c15e007dadd2222c28d13acf748f86aa7ac96632b276f3a02900154

SHA512
85769090d3cbc423404ccbb9bd21fd708c47533c6dd5a82893449c77b5a179c7e0ec41530c49af7228cb82315b044a47e2caad310509d5e0fdd4b549348c2c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46747.exe

Filesize
184KB

MD5
83e82dbc53c4d74770158750da1b68bd

SHA1
ccdd85460bc9d15c6b219d54bb88920f30db9ece

SHA256
78be9c9273eb25471212ea389642105bee01c29fe348b28aaf30cba1680be8bc

SHA512
709b26d12c9c71bf51c0b67b6ecc5a8347aeb4baf41240b6ef7a95eb134f9185738ef8ca9b0a27ef4e6940f60d599ac80a9d7990050259197385aa619850b1c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe

Filesize
184KB

MD5
49edc97ff27b81d1bae59e00121b642d

SHA1
ed08397a3aaee73b00e0d914462aa3b43fa76889

SHA256
ea3b6ec350e9c970da4d2a3a852040adda0c8d56977cdf97724e4b588297cbf7

SHA512
e77166ea2b6e70dd71260adec74358bb12973328637b5ea1088544d954fd62052b142db2d4f3fcb5e05dfdcdb5df7791febf4b92a4c9bf975ca173694b09cd25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe

Filesize
184KB

MD5
25b0b37840dd194b4f5b9bfb61a117c4

SHA1
879ffeb94961365c1b1165b50cefa966474d7023

SHA256
5cf5336c97366647248795d0a0a44b53a5f4d2ae193a63fc8f3054fbde7e0b2c

SHA512
375f0a84b380cfdd9d590e5ecbd064bb7de7841e8df798d081e36b86d710fc7322680edbbfea1d15aaaa16c79208640c149b7c11702d4386025e137f625c0a18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe

Filesize
184KB

MD5
eb66a14c46ce8306b095b2f73717b077

SHA1
eb3c1b8799661d403d3c4d5e1ae896b6382cbd56

SHA256
062f1a51621262faba5c63180ab4fb3c83ddb59de9247e1362ea4f3195075aba

SHA512
08eb90357fb8fbcf8cbb3ed49b5be3a01252c9178baa3a5d62ef12c00daf41b7481f6c1716043bd800816d21e1a0b7efc8a476c145cde523c68cea1377858bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe

Filesize
184KB

MD5
eb2bd4399e1e4fbcee1b6996736b2a99

SHA1
9f0c3d4d2e387316b02b09453a2d1a2552eeab16

SHA256
615387fdca1328abe5b60c49cc7d9a979745fd421e14d567c7b867731ca0f904

SHA512
a5c89d13b669c8ea70075f0df79a5dfb730328b0a67c6f731c4b0e7338cc5172dfc22cadd88ec9cada7c3affceeb702fe1fc613e28e610fb01b3aae493e3db89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57079.exe

Filesize
184KB

MD5
e0f4ff21f3ddfa7b111bf7f24c7bccb7

SHA1
06eba4260ad497edede1d556430b68018bf00f66

SHA256
2325e3e1a882087a45cbd66ad80ddbc5bd5370cbe33d0e06629b8cb91642d798

SHA512
93cdfbdd47c9737abfdfd618f37da3d402b88efc3508303a5f187390e374e0b3eff51b078fb1fc8dc753e6901a95bb58944436524ca27ccb66cfa362baf95f47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe

Filesize
184KB

MD5
7d7ff58d2a64086197cb6d9ea900197c

SHA1
64fc98aa7b465fd40278ee3762e17f5779315ffd

SHA256
a395e301a4ce1df74247cee0bdff9075aaf9e8af4038330c0413ab6bd28db9cd

SHA512
20ce9340b6f7916466302540bf7a51570944a4195d25ed2b73c5e61f578e21f14963b75e917945dc40c2c2aa9325841e990a1810542e801f1486bd1fb31fba4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60971.exe

Filesize
184KB

MD5
3b2b88bc11cee0eda2d6bd26d2d10658

SHA1
12ae2a5b57bd2fea79fa4e037897fca5d7664ddf

SHA256
9c560439083e2ba2960f824bbdcc8addf3e27e9e6558028d6b8a7268bc26bcbe

SHA512
07db3c58579476d977edf667b893aaa071c6f67d565d6f89864dc11f4ad08d84b71f178be81bb633c6158280240fe30af2f80ba670ef6ae6476186f3356c1eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe

Filesize
184KB

MD5
19eb649c686324af6dd7bf6185156a77

SHA1
a405ee267773ed8449447301d356c5e8a73c06f8

SHA256
e011944eb0b8c86ad8a7617c9f3bbb8fd493c76a19d11c2766f9aa3e55456e47

SHA512
a0d15fff33b0014f5300d924ad5acde728c4f5a9d3d834398bf384ac56ef8a46ab004f7b21ccc239a3fafbaca8d6aff047939862e187d35a004bab9537e57c65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62798.exe

Filesize
184KB

MD5
3010e88527925a5e66cf387a6faa0a67

SHA1
4cfde43eeed02ba07c4c660284cda1d706b67246

SHA256
a17fae3430dac2c681eb0ef380e60c470e234dfe6934e18b55219229aba260d8

SHA512
5b786e8fcee33924a89106d727e2788d40a2e6a662cac27388f060ac39ec825413d0245c98d18c6433c1f78595e31dc5553203da60fb6d6ac56095f7ca9c3b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63475.exe

Filesize
184KB

MD5
cd4c6099ee004c46535db7a5045644fb

SHA1
3e60a57f1d22393a64773163ffe817b770f33ed2

SHA256
fa0a5975c478a4e2047ccd9b95aa61c7bc21edf19f20980e27b697b2b355fa45

SHA512
5317f243b3032fa420b51a629d0620cbb024df63e93d9c793b3549182ad3c9a7be7d641ecd9761013595e3c288970bcfd26a4c396d5318fbe2a1624f418d0560

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe

Filesize
184KB

MD5
f22e3904263c039ab2da191ad7722435

SHA1
825c3f76fbbeb6fa659a7806fc3e128eb12dc408

SHA256
c1c8731b6f64a6030ae3f31a3e286ef6cfd9373a06604fe7e7c4f2d13c65d340

SHA512
f6a15952a7d8e38827e71eb479b310bae9bb9b4fc24843921c3ff56d07ce94925fe1ec5c8b671450f6fb85eb46d8d4e263a063a5a6646fc8285cdf00d89315e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63932.exe

Filesize
184KB

MD5
f946f7d4929fcdccb4e2eaa8029c2560

SHA1
3edf3aa2561f74034bab20b05b95d59acde24cbd

SHA256
783111037db505cbfe42b43a96f1261acf06e686931dd4170f10441ca0d2ac6f

SHA512
e3fc87bef29b151be37b8610a21e7aa418f882636a24f3709b8b2fc0ce5eebf63b25f237716904abe62e31c57cf4f41ee477a6705741f21e99e4400acb629c03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe

Filesize
184KB

MD5
c9d5131f321a5027b7eb620ad0fd93ed

SHA1
524d7053bbc1f9b68b78ba2276d147cfb932ee9f

SHA256
db8223c1c989f43086c801e6c988c3c57a2f7e9ac25dbe446e146bcf4613fcdd

SHA512
c6d68fdd16d1f780dc454c1e4f99ada1d8c69ef6e26f06e3590945e5ac0d1ca7b30466d76c54c5f953015426e7a0a0e74f775e3c4330629925fd72ac3cc0636d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe

Filesize
184KB

MD5
03102801c4a11c3f3c2025c836c85322

SHA1
ac866b9ac867aaa225319bc43182cc5f95fcfe5f

SHA256
5073374080201aa24a19e1a86cb0848474f54f23c2585e27847ff73728874245

SHA512
2a0956e4421fd08226f860af744304e331a2ca1ed293ddba3ea6eab538cc6590e571ded6e04732641d4c53535ee8281bb89e866e944e6f6b2dfb0ac480cc5c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8182.exe

Filesize
184KB

MD5
308ea1b307b68d6b06659b0f3f672f7e

SHA1
0c3fb50f65e276c9ad5309b071c1d55d57b53472

SHA256
302d2c5d84f9fb16eb866cea3eca1464e569c7067b1f79a42e64f482c577b29e

SHA512
511133481ffebbd9c343ec039a7db3889c84cc6cc693ad9b62c3f00fb05ba897403475f5b4274d6eb4a37a0c0fdbdfe70e8d57398a97453557b565bccc31edea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe

Filesize
184KB

MD5
7b020a4d93a046c29c7bf200e8e790bd

SHA1
6083578ccf1df10a883747913ea526c6e849d081

SHA256
929216fe3254c9e6899584b3901d52f605b68e8d3bd738487593339ea72c6ef9

SHA512
d3f0e4f40e3c781410e77596bc6bf42e39d50fec3117f7b22a48663156b0e8733f515e52c429bbb2d787cb5ff37b7a82ed2669b6d9508d92156c0998b38c0f5d

Download Submit
memory/4936-4908-0x00007FFC8E680000-0x00007FFC8E703000-memory.dmp

Filesize
524KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads